What measures should companies take against cyber attacks? Types of M.O.s and Examples of Damage

Published October 27, 2023

Unauthorized attacks on corporate websites and servers continue unabated, and cyber attack countermeasures are becoming increasingly important for all companies. This report explains the basic knowledge of such cyber attacks, recent trends, the purpose of attacks, specific examples and countermeasures, and other information that corporate security personnel need to know. It also introduces preventive measures against attacks, what to do in the event of an infection, and specialized cybersecurity companies to collaborate with in case of an emergency.


What is a cyber attack?

A cyber attack refers to sabotage, data theft, or falsification of computer systems such as servers and PCs. The targets vary from those targeting an unspecified number of individuals or companies to those targeting specific companies or nations. Cyber-attacks can also be used to break into systems and steal confidential or personal information, or to attack websites or online services and bring them down.

Recent Trends in Cyber Attacks

Around 2000, when cyber attacks first came to public attention, they were often carried out for amusement or harassment, for example by indiscriminately sending e-mails that infected computers with viruses and destroyed data. Recently, ransomware, a type of virus that demands a ransom, has become the mainstream, and attacks have become "invisible attacks" that are difficult to notice.

Cyber attacks are on the rise not only in Japan but also globally. As IT infrastructures diversify and evolve, such as the spread of smartphones among individuals and the use of cloud computing by enterprises, the methods of attack continue to evolve as well.

Purpose of Cyber Attacks

The purposes of cyber attacks vary, but recently the number of financially motivated attacks has been on the rise. In addition to information manipulation, theft, and espionage, such as stealing national or corporate information through unauthorized access and leaking it, cyber attacks are also committed by ideologues for political or social advocacy, or to disrupt the activities of a company or nation by taking down its systems. Cyber attacks are not isolated incidents.

Types of Cyber Attacks

Cyber-attacks are constantly evolving and there are many different types. The following is an explanation of each modus operandi.

Malware

Malware is a generic term for software that infiltrates computers and other devices to carry out malicious activities. The word combines "malicious" and "software." Its activities include data destruction, theft, and unauthorized access to systems. Typical examples include viruses, Trojan horses, and spyware.

Ransomware

Ransomware is a type of malware that demands a ransom. It encrypts files and data to make them inaccessible, then demands payment in exchange for restoring them.

No-ware Ransom

No-ware ransom is a newer extortion method that skips the data encryption found in a typical ransomware attack and instead uses stolen data alone to blackmail the victim. Signs of such attacks without data encryption have been seen since around 2021, and the absence of encryption makes the damage difficult to detect.

Phishing Scams

Phishing scams target an unspecified number of people by impersonating services such as credit card companies and online banks in order to steal users' login information. Phishing is a familiar and common technique for many people, as stolen credit card details are frequently misused.

DoS/DDoS Attacks

A DoS or DDoS attack is a cyber attack that floods a targeted server with a large volume of requests and data. By overloading the server, the attacker causes website access failures or server downtime. The purpose is to harass a specific company or to demand money in exchange for stopping the attack.

Targeted Attacks

A targeted attack is a cyber attack that targets a specific organization or user. The attacker pretends to be a customer or an actual company or organization, and sends emails with malicious file attachments or links to malicious websites in an attempt to infect the device with a virus.

Major Examples of Cyber Attacks

The following is a partial list of major cyber attack cases and the circumstances and details of the damage, based on reports of computer viruses and unauthorized access.

Source: Information-technology Promotion Agency, Japan, "Notified Cases of Computer Virus and Unauthorized Access"
https://www.ipa.go.jp/security/todokede/crack-virus/ug65p9000000nnpa-att/000108764.pdf

Computer Virus Detection and Infection Damage

One of the company's PCs was infected with a virus, and the cause was presumed to be infection by browsing a Web site. As a response, the infected PC was initialized, and a new PC was purchased. To prevent recurrence, content filtering was thoroughly applied when browsing Web sites.

Damage from a cyber attack demanding ransom

After unauthorized access to the company's server was confirmed to be a ransomware attack, an investigation revealed that several hundred PCs had been infected with LockBit ransomware. The attacker was presumed to have exploited a vulnerability in the VPN device to enter the corporate system and encrypt the PCs. Along with shutting down the network and updating the OS and software, the company strengthened its monitoring and security management system.

Unauthorized access through exploitation of vulnerabilities and inadequate settings

Upon receiving a report that suspicious pages were being published on the website of a rental server operated by a company, an investigation confirmed multiple phishing sites on the server. During the recovery process the server became inoperable, and a re-examination found that the files on the server, including the system area, had been erased. The cause was presumed to be the use of a vulnerable version of the CMS. As preventive measures, the website was closed, countermeasures against the cause of the unauthorized access were implemented, and the site was migrated to a service with enhanced security.

Unauthorized access that breached ID and password authentication

On an EC site operated by a company, it was discovered that a specific member had placed multiple orders in a short period of time. Upon investigation, it was found that an attacker had fraudulently registered as a member and was using the site to test whether stolen credit card numbers were valid. The attacker was presumed to have abused the site because there was no limit on the number of times credit card information could be entered. Measures taken to prevent recurrence included limiting the number of times credit card information can be entered and introducing a service with a function to block access that is judged to be an attack.
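The countermeasure in this case, a cap on card-entry attempts, can be implemented as a sliding-window limiter that counts attempts per member and per source IP and blocks the key for a while once the cap is reached. This is an added illustration, not code from the report or from any of the companies named; the member IDs, IP addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed card-entry events on a hypothetical EC site, in time order:
# (timestamp_seconds, member_id, source_ip). All thresholds below are assumptions.
SAMPLE_EVENTS = (
    [(t, "m1001", "198.51.100.7") for t in range(0, 180, 30)]  # 6 tries in 150 s
    + [(4000, "m1001", "198.51.100.7")]                         # block lifted by now
    + [(5000, "m2002", "203.0.113.9")]                          # ordinary shopper
    # one source IP cycling through six freshly registered member accounts
    + [(6000 + 10 * i, f"m300{i + 1}", "192.0.2.55") for i in range(6)]
)

class CardEntryLimiter:
    """Sliding-window cap on card-entry attempts per key, plus a temporary block."""
    def __init__(self, max_attempts=5, window_seconds=600, block_seconds=3600):
        self.max_attempts, self.window, self.block = max_attempts, window_seconds, block_seconds
        self._attempts = defaultdict(deque)  # key -> attempt timestamps in the window
        self._blocked_until = {}             # key -> time at which the block lifts
    def allow(self, key, now):
        """True if one more attempt for this key may proceed at time `now`."""
        if now < self._blocked_until.get(key, 0):
            return False
        self._blocked_until.pop(key, None)   # an expired block is lifted lazily
        q = self._attempts[key]
        while q and now - q[0] > self.window:  # drop attempts outside the window
            q.popleft()
        return len(q) < self.max_attempts
    def record(self, key, now):
        """Count an attempt; accepted and declined cards both help a card tester."""
        self._attempts[key].append(now)
        if len(self._attempts[key]) >= self.max_attempts:
            self._blocked_until[key] = now + self.block
    def blocked_keys(self, now):
        return sorted(k for k, t in self._blocked_until.items() if now < t)

def screen_events(events, **limits):
    """One allow/deny decision per event, limited per member AND per source IP."""
    limiter = CardEntryLimiter(**limits)
    decisions = []
    for ts, member, ip in events:
        keys = (f"member:{member}", f"ip:{ip}")
        if all(limiter.allow(k, ts) for k in keys):
            for k in keys:
                limiter.record(k, ts)
            decisions.append("allow")
        else:
            decisions.append("deny")
    return decisions, limiter
```

Keying on the source IP as well as the member catches the pattern in the report, where the attacker registers fresh member accounts to spread the attempts; in production the block events would also be forwarded to the fraud-blocking service the company introduced.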

Countermeasures against cyber attacks

Cyber attacks have the potential to target any company or individual. This section explains what specific measures need to be taken to protect against various types of cyber attacks.

Measures to be taken by individuals (employees)

The measures that individuals should take include:

  • Do not open suspicious email attachments or links.
  • Update your OS and software to the latest version.
  • Do not access unauthorized websites.

These are just a few examples. By doing these things, you can improve your online security and protect yourself from cyber attacks.

In addition, back up important data regularly and store backup data offline or in cloud storage to avoid panic in case of an emergency. It is also important not to transmit personal information when using public Wi-Fi, use strong passwords, and do not reuse passwords.

Measures companies should take

For companies, a broader and more strategic approach is required than for individuals, and the following measures should be taken:

  • Implementation of EPP/EDR and SASE
  • Restrictions on external memory access and website browsing
  • Implementation of security training for employees
  • Consultation with specialized cybersecurity organizations

The introduction of security software such as EPP/EDR is fundamental. Now that remote work has become common, the introduction of SASE (Secure Access Service Edge), which comprehensively enhances endpoint security from a zero-trust perspective, is likely to become the mainstream trend.

It is also important to raise employee security awareness. To this end, establish an internal security policy and enforce it throughout the organization. In addition, establish a management system that includes regular cybersecurity training for employees, sharing information about cyber attacks, creating secure passwords, and providing precautions regarding the handling of information. Beyond such preventive measures, in-house security staff may find it difficult to resolve an emergency quickly on their own, so it is a good idea to have a cooperative arrangement with a specialized cybersecurity organization in place.

What to do in the event of a cyber attack

No matter how many precautions are taken, unexpected accidents or problems may occur that cannot be avoided. This section explains how to respond quickly to prevent the spread of damage and secondary damage in the event of a cyber attack.

Blocking infected information terminals from the network

By cutting off or isolating the compromised system from the network and taking it offline, it is possible to prevent the infected device from infecting other devices. However, recent ransomware often uses lateral movement, in which it infiltrates the network, seizes administrative privileges, and spreads its attack across the domain it has gained control of. Therefore, simply disconnecting the network is unlikely to be enough to control the risk, and it is appropriate to promptly request a specialist to investigate the scope of the impact and the actual damage.

Confirmation of damage details

It is necessary to identify what kind of attack was carried out, its nature and method, and to understand the scope of the impact. Understanding exactly which data and systems were compromised will provide an opportunity to resolve the problem.

Restore with a decryption tool

Ideally, critical data should be recovered from backups, but for some ransomware, decryption tools can be effective. On the other hand, be aware that fake decryption tools also exist. Appropriate methods should be chosen and implemented quickly to minimize damage.

Ask a cybersecurity specialist to investigate.

In any case, the reality is that many incidents are too difficult and complex for in-house security staff to resolve alone, and it is hard to keep up with increasingly sophisticated methods. There is also a risk of the damage escalating if the initial response is delayed. In the event of a cyber attack, it is a wise choice to promptly request a specialist to investigate.

For countermeasures against cyber attacks and how to respond in the event of an attack, please contact FRONTEO.

When you become aware of the damage caused by hacking or malware infection, it is necessary to investigate the damage, such as information leakage, whether there was virus infection or unauthorized access, and through what channels it occurred. As security damage continues to increase, there are specialized companies that provide consultation on all aspects of cyber attacks, from investigation and explanation of the causes to prevention. If you are a company that handles personal information, you are also obligated to grasp the facts as soon as possible and report them to the relevant authorities. The support of a specialized company is essential in order to handle this series of actions as quickly as possible.

FRONTEO, with over 10,600 fraud investigations under its belt, offers a "Cyber Security Investigation Package" that can respond to today's increasingly complex cyber attacks. By combining multiple investigations into a package, FRONTEO has strengthened its ability to quickly support the initial response to incidents, especially for small and medium-sized enterprises. For cyber attack investigations, FRONTEO's "Cyber Security Investigation Package," which compiles the minimum necessary investigations in the event of a contingency, is an effective tool.

[Related Article] Cyber Security Investigation Package: https://legal.fronteo.com/smaller-companies-package/

For inquiries about FRONTEO's cyber security services, please contact us at https://legal.fronteo.com/contact/